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About This Guide 



The WebRamp 315e/i Upgrade Guide complements the WebRamp Reference, 
providing detailed information about setting up a virtual private network with 
your WebRamp 315e or WebRamp 315i VPN client. 

What's In This Guide 

The guide provides information only about connecting offices with a virtual 
private network. For information about the other features of the WebRamp, see 
the WebRamp Reference located on the CD that came with your product. 

Technical Support 

You can reach the Technical Support group at Ramp Networks by phone, e-mail, 
fax, or mail. The hours are 6 AM to 5 PM, Pacific Standard Time (U.S.). 

Here are the ways you can reach Technical Support. 

• Web site: www.rampnet.com/support 

• Mailing address: Technical Support, Ramp Networks, 3 100 De La Cruz Blvd., 
Santa Clara, CA 95054, U.S.A. 

• Fax: 1(408)988-6363, attention Technical Support 

• E-mail: support@rampnet.com 

• Phone: 1(408)988-5353 
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Conventions 



When you request support, please provide the serial number of your WebRamp, 
your name, your e-mail address, your company name, street address, and phone 
number. 

Conventions 



The following table explains the conventions used in this document. 



Typeface 


Description 


Example 


Italics 


Manual titles, new words or terms, 
or special emphasis. 


WebRamp Reference 


Boldface 


Buttons, checkboxes, or items that 
you can select from screens, menus, 
or dialog boxes. 


Click OK to restart 
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Chapter 

1 



Creating a Virtual Private Network 



A virtual private network (VPN) is a way to connect private networks securely 
over the Internet. With a VPN, the connection between locations is made over the 
Internet through local ISPs. If your office is in a geographically distant location 
from the other office, the savings on long-distance phone charges can be 
significant. 

The WebRamp 310 family supports VPN pass-through, which allows individual 
Windows computers on your network to connect to networks in different 
locations using the Windows VPN feature and the WebRamp' s Internet 
configuration. 

The WebRamp 315e/i provides VPN client capability as well as VPN pass- 
through capability. All the computers on your network can use the WebRamp' s 
VPN client and Internet configuration to connect to an office in another location. 

This chapter explains the WebRamp' s VPN pass-through and VPN client 
features. See "VPN Pass-Through" and "VPN With the WebRamp Client" for 
more information. 

VPN Pass-Through 

Microsoft provides the capability with Windows 95 and NT operating systems to 
create a VPN from a computer in one location to an NT server in a remote 
location. Users in your office may want to use both the Windows VPN feature 
and WebRamp VPN feature, and it's possible to set up connections with both 
features on your network. 
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VPN Pass-Through 



NOTE - You can use both the WebRamp VPN client and Windows VPN client on your 
network, but Ramp Networks recommends that you do not use both to set up a 
connection to the same location. 



If you have only one or two users who need to connect to a remote location 
through a VPN, you may want those users to use the Windows VPN client. The 
WebRamp' s VPN pass-through feature allows users on your network to access a 
remote server using the WebRamp' s Internet configuration. Each Windows 
computer can have a connection to a different location. However, each 
connection must be configured separately. You can view which computers are 
using VPN pass-through on the VPN Pass-Through page (shown in Figure 1-2). 



NOTE - The NT server in the other office must have a static IP address and be 
connected to the Internet to create a successful VPN connection. 



If you have several people in your office who need access to the same remote 
location, you should use the WebRamp' s VPN client. The WebRamp' s VPN 
connection is transparent to the users on your network, and all users have access 
to the remote location. See "VPN With the WebRamp Client" for information 
about setting up a VPN connection with the WebRamp. 

Figure 1-1 shows a VPN connection from a Windows client to a remote NT 
server. The WebRamp' s pass-through feature is enabled, which allows 
information to travel from the Windows client to the remote server using the 
WebRamp' s Internet configuration. 



Figure 1-1 VPN pass-through connection 
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VPN With the WebRamp Client 



As shown in Figure 1-1, the connection request comes from the Windows VPN 
client instead of the WebRamp. 

NOTE - You do not have access to Internet resources such as the World Wide Web while 
you are connected to another office using a Windows client and VPN pass- 
through on the WebRamp. 

On the VPN Pass-Through page, which you reach through Local Configuration 
in the WebRamp setup, you can enable and disable pass-through and view the 
address of the client that initiated the connection and the address of the remote 
server. Figure 1-2 shows the VPN Pass-Through page. 

Figure 1-2 VPN Pass-Through page 
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VPN With the WebRamp Client 

If you decide to connect to another office using the WebRamp VPN client, 
consider the following: 

• The VPN configuration depends on the WebRamp's Internet connection to 
send data. Before you set up a VPN with your WebRamp, you must set up 
your Internet connection. 

• You can use the WebRamp VPN client to set up one VPN connection to one 
location. 
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VPN With the WebRamp Client 



• There is no client configuration required for any of the computers. When you 
configure a VPN connection to another office with the WebRamp, all the 
computers on your network can connect to the remote office over the VPN. 

• You can access Internet resources while using the WebRamp's VPN client 
feature. Resources such as the World Wide Web are still available to you while 
you are connected to the other office. 

• The WebRamp has client-only capability and cannot be configured for an 
incoming VPN connection. Once the WebRamp client initiates and makes the 
connection, information can be passed back and forth. 



NOTE - The WebRamp can accept incoming calls from telecommuter and branch office 
connections while a VPN connection is active. 



How the WebRamp Creates a VPN 

A VPN requires an Internet connection. The WebRamp in your office, acting as 
the client, accesses over the Internet the network resources provided by an NT 
server in another office. 



NOTE - The WebRamp acts as a client only. A Windows NT Server 4.0 or above with 
VPN configured is required in the office you are connecting to. 



When the WebRamp client initiates a connection, the request goes through the 
WebRamp, the local ISP, over the Internet, through the other office's local ISP, 
and then to a Windows NT server in the other office. 



NOTE - The WebRamp PPTP client connects to Windows PPTP server software, which 
comes with Windows NT Server 4.0 and above. 



Figure 1-3 shows a network connection over a VPN. 
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VPN With the WebRamp Client 



Figure 1 -3 Network connection over a VPN 
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A VPN connection through the WebRamp uses PPTP to encapsulate the data 
being sent and create a "tunnel" to transmit the data between networks. (PPTP, 
Point to Point Tunneling Protocol, is the protocol used to send and receive 
information with a VPN connection.) Data transmission is not restricted by 
different protocols, because PPTP encapsulates both IP, IPX, and NetBEUI data. 
The WebRamp also encrypts the data, providing security for VPN connections. 



NOTE - The WebRamp supports IP and IPX protocols only. 



Setting Up a VPN With the WebRamp 

The simplest way to set up a VPN connection for the first time with your 
WebRamp is through the Connection Wizard in the WebRamp setup. This 
section provides an example that takes you through the setup process using the 
Connection Wizard. This section also provides basic information about what you 
need to set up the NT server in the remote office. 



NOTE - Certain information (for example, the IP addresses) provided in the steps is for 
example only; you must provide the information for the actual connection. 



You can also set up a connection in the Advanced section of the WebRamp setup. 
See "Advanced Configuration" for more information. 
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VPN With the WebRamp Client 



Before you can set up a VPN connection with your WebRamp, you must first set 
up and verify the WebRamp' s Internet connection. See the WebRamp Reference, 
located on the WebRamp CD, for information about setting up an Internet 
connection with the WebRamp. 

The setup process requires some information about the NT server in the other 
office. Before you start, ask the network administrator in the other office to 
provide the following information: 

• the server's WAN or Internet IP address (the address must be static) 

• the server's LAN IP address 

• the user name 

• the password that will allow you to access the LAN in the other office 

NOTE - The NT server must be connected to the Internet for the VPN connection to 
succeed. 

Figure 1-4 shows an example of a WebRamp VPN connection. The steps that 
follow show how to set up the connection shown in the figure. 

Figure 1-4 An example of a VPN connection 
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VPN With the WebRamp Client 



NOTE - In the example below, text that appears in bold italic indicates a placeholder. 

When you set up your own connection, you must substitute that text with your 
own information. 



In this example, Office A is using the WebRamp client to connect to the NT 
server in Office B. Both offices have Internet access configured. 

1. On the WebRamp Setup page, click Connection Wizard. 

2. On the Connection Wizard page, click Configure. 

3. On the Configure a New Connection page, choose VPN from the pull-down 
menu and then click Configure. 

4. On the VPN Configuration page, enter the following information (the server 
IP address, the user name, and the password are provided by the network 
administrator in Office B): 

• In the Name of Connection field, enter Office B. 

• In the VPN Server IP Address field, enter 206.26.1. 7. (the remote NT 
server's Internet address) 

• In the User Name field, enter Userl. 
NOTE - The user name cannot contain spaces. 



• In the Password field, enter your password. 



NOTE - The password cannot contain spaces. 



• Confirm your password and then click Next. 

5. On the VPN Protocol page, click the IP Routing radio button and then click 
Next. (You can also choose IPX routing if users need to access a remote IPX 
service.) 

6. On the WAN IP Address Configuration page, enter 200.20.1.1 in the Remote 
Router LAN IP Address field and then click Next. 

7. On the DNS Configuration page enter the domain name of Office B. For 
example, officeB.com. This is optional. 
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VPN With the WebRamp Client 



8. Choose either Automatically Obtain the DNS Server Addresses or Use the 
Following DNS Server Addresses. If you choose the latter, you must 
provide the DNS server information. (These DNS servers can only be used to 
resolve computer names that end in officeB.com.) 

9. Click Next. 

10. Click Done. 

NOTE - The VPN connection is enabled once you complete the setup with the 

Connection Wizard. If you want to disable the connection, go to the VPN 
Configuration page in the WebRamp setup. See "Advanced Configuration" for 
more information. 



To complete your VPN connection, you must also configure a PPTP server on 
the NT server. You can find detailed information about this process from the 
latest version of the NT Resource Kit, but the basic requirements are an NT 
server with the following: 

• Windows NT Server, version 4.0 or above 

NOTE - You must add a permanent route on the NT server to the WebRamp's LAN 

network. Otherwise the server does not change its routing table in response to 
RIP updates and routing will not work. 

• One or more installed network adapters (two or more are usually required: one 
to connect to the Internet and one or more for the network connections) 

• Network protocols (TCP/IP and IPX/SPX) installed and bound to the network 
adapters for the VPN 

• PPTP server installed and configured (comes with Windows NT Server 4.0 
and above) 

• Static Internet IP address 

• RAS with dial-up networking installed and configured 

You must also do the following in the Routing and RAS settings: 

• In the Routing and RAS VPN interface settings, click Use This Address and 
enter the IP address to use with the connection (the address should be one 
from the address range shown in the RAS server TCP/IP configuration). 
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VPN With the WebRamp Client 



• In the Routing and RAS network configuration settings, under Require 
Microsoft Encrypted Authentication, verify that the Require Strong Data 
Encryption checkbox is NOT selected for the VPN interface. 

• In the Routing and RAS Admin security settings, verify that the Strong Data 
Encryption checkbox is NOT selected for the VPN interface. 

After you have entered all the setup information required for both the WebRamp 
and the remote NT server, all the computers on your network can connect to the 
remote office using the WebRamp client. 



Advanced Configuration 



This section describes the part of the WebRamp' s interface where you can 
modify the information you entered when you set up the VPN connection using 
the Connection Wizard. Also, if you don't want to use the Connection Wizard to 
set up a VPN connection, you can do so from these pages. Figure 1-5 shows the 
VPN Configuration page, which you reach by clicking VPN on the Advanced 
Options page in the WebRamp setup. 

Figure 1-5 VPN Configuration page 
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On the VPN Configuration page, you can enable and disable the VPN connection 
and click links to reach the pages where you modify or enter information for a 
VPN connection. 
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VPN With the WebRamp Client 



NOTE - You must configure an Internet connection before you configure a VPN 

connection. See the WebRamp Reference on the CD that came with your 
product for more information. 



Account Configuration 

On the VPN Account Configuration page, you enter the account information to 
set up the VPN connection. Enter the appropriate information in the following 
fields and then click Apply. 

• Connection Name (for example, Office B) 

• VPN Server IP Address (provided by the administrator at the remote office) 

• User Name (provided by the administrator for the remote office) 

NOTE - The user name cannot contain spaces. 

• Password (provided by the administrator for the remote office) 
NOTE - The password cannot contain spaces. 



Protocol Configuration 

On the VPN Protocol Configuration page you click the following links to reach 
the pages where you configure the communications protocol to use with your 
connection (you can configure either or both): 

• IP Configuration 

• IPX Configuration 

VPN IP Configuration 

On the VPN IP Configuration page, follow these steps to configure IP for the 
VPN connection: 

1. Click Enable IP Routing With This Connection. 

2. Click Dynamic if the remote office has not supplied an IP address for the 
WebRamp, or click Static and enter the IP address provided by the remote 
office. 
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VPN With the WebRamp Client 



3. Enter a remote network address. For example, 200.20.1.0. (This creates a 
route to the remote network.) 

4. From the pull-down menus, choose an IP filter set and RIP direction, as 
needed. (You can create IP filters separately through Advanced 
Configuration.) 

5. Click Apply. 

IPX Configuration 

On the VPN IPX configuration page, follow these steps to configure IPX for a 
VPN connection: 

1. Click Enable IPX Routing On This Connection to enable IPX routing. 

2. Enter the local WAN network number provided by the administrator at the 
remote office. 

3. If no local IPX servers are present on the LAN, then click the checkbox to 
allow SAP requests to initiate a VPN connection to the remote VPN server. 

4. To enable IPX NetBios, click the checkbox. (You must enable IPX Netbios 
for Network Neighborhood capability. See "Network Neighborhood With a 
VPN Connection" for more information.) 

5. To enable spoofing, click the checkbox and enter the spoofing time. This 
minimizes IPX traffic on the VPN connection. 

6. From the pull-down menus, make a selection for RIP Direction and SAP 
Direction or leave the default values. 

7. Click Apply. 

VPN Advanced Configuration 

You use the VPN Advanced Configuration page to add advanced options to the 
VPN connection. From this page you can do the following: 

• Add a compression option. 

• If the remote office supports VJ (Van Jacobson) header compression, click 
Use VJ Header Compression. 

• Choose idle-time disconnect options. 
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VPN With the WebRamp Client 



• If you always want the VPN connection open when the Internet connection 
is active, click Never Disconnect the VPN Connection While the 
Internet Connection Is Active. 

• If you want to determine the length of time the VPN connection remains 
open after a period of inactivity, click Disconnect After the Idle Time 
Specified Below and then enter the number of seconds in the Idle Time in 
Seconds field. (The default is 300 seconds.) 

• Enter the value for the Maximum Receive Unit. The default value is 1524. 



NOTE - Ramp Networks recommends that you do not change the default MRU value 
unless the ISP's router does not support that value. 



Click Apply after you make all your changes. 

VPN DNS Server Configuration 

You use the VPN DNS Configuration page to configure the DNS server 
information for the VPN connection. Follow these steps: 

1. Enter the domain name for the remote office (optional). 

2. Enter the DNS server information to resolve the remote host names. 

• If the remote office did not provide DNS server addresses, click 
Automatically Obtain the DNS Server Address. 

• If the remote office supplied the DNS server addresses, click Use the 
Following DNS Server Address and enter the primary and secondary 
name server addresses. 



NOTE - These name servers are used only to resolve names that belong to the domain 
name specified in step 1. Therefore, if you enter mycompany.com in step 1, 
requests for server.mycompany.com will be sent to the specified DNS 
servers. 



3. Click Apply. 
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Network Neighborhood With a VPN 
Connection 

You can configure the WebRamp and the Windows computers on your LAN and 
at the remote office to allow Network Neighborhood capability on the 
WebRamp' s VPN connection. The VPN connection must be configured with 
IPX or IP and IPX. 

To configure the computers for Network Neighborhood capability on an existing 
VPN connection, follow these steps: 

1. On a Windows computer, from the Start menu, choose Settings and then 
Control Panel. 

2. In the Control Panels window, double-click Network. 

3. In the Network window that appears, verify that the following network 
components are installed: 

• Client for Microsoft Networks 

• Client for Netware Networks 

• IPX/SPX-compatible protocol 

• TCP/IP protocol 

NOTE - Use the Windows 95, Windows 98, or Windows NT CD to install any 
components that are not present. 

4. In the Network window, choose IPX/SPX-compatible Protocol-> <Ethernet 
Card>, and then click Properties. 

5. In the IPX/SPX-Compatible Protocol Properties window, click the I Want to 
Enable NetBIOS Over IPX/SPX checkbox. 

6. In the IPX/SPX-Compatible Protocol Properties window, click the Advanced 
tab, and then click Set This Protocol to Be the Default Protocol. 

7. Click OK. 

8. In the Network Window, click the File and Print Sharing button. 

9. In the File and Print Sharing window, verify that the I Want to Be Able to 
Give Others Access to My Files checkbox is checked. (You must click this 
checkbox to share files with other computers on the LAN.) 
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10. Click OK. 

You must also configure certain WebRamp settings. Follow these steps: 

1. From any page in the WebRamp setup, click Advanced. 

2. On the Advanced page, click VPN. 

3. On the VPN Configuration page, click Protocol Configuration. 

4. On the VPN Protocol Configuration page, click IPX Configuration. 

5. On the VPN IPX Configuration page, do the following: 

• Click Enable IPX Routing On This Connection to enable IPX routing. 

• Enter the local WAN network number provided by the administrator at the 
remote office. 

• If no local IPX servers are present on the LAN, then click the checkbox to 
allow SAP requests to initiate a VPN connection to the remote VPN server. 

• To enable IPX NetBios, click the checkbox. (You must enable IPX Netbios 
for Network Neighborhood capability.) 

• To enable spoofing, click the checkbox and enter the spoofing time. This 
minimizes IPX traffic on the VPN connection. 

• From the pull-down menus, make a selection for RIP Direction and SAP 
Direction or leave the default values. 

• Click Apply. 

You can now access Network Neighborhood at the remote office over the VPN 
connection. 
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